<?php
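// Login handler: checks the posted username/password against the `users`
// table, stores the user's id, name and permission level in the session on
// success, and redirects. On failure it sets a short-lived "failedMessage"
// cookie and redirects back to the login page.
session_start();

// Resets the logout message if the client has just logged out and clicks
// log in straight away.
setcookie("logoutMessage", "");

// NOTE(review): the database credentials are hard-coded in a web-served script,
// so they end up in source control, backups and any source disclosure. Load
// them from a config file outside the document root (or the environment) and
// rotate this password.
$host = "localhost"; // Host name
$username = "z247s504_admin"; // Mysql username
$password = "PxLpCd07"; // Mysql password
$database = "z247s504_website"; // Mysql Database

// Only accept scalar strings: a missing field or an array-valued field
// (e.g. username[]=x) is treated as an empty credential instead of raising
// notices or being stringified into the query.
$postedUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$con = mysql_connect($host, $username, $password);
if (!$con) {
    // Keep driver error details in the server log; they can expose the
    // database user and host, so they are not echoed to the client.
    error_log('login: could not connect: ' . mysql_error());
    die('Could not connect');
}

// The matching user row, or null when authentication did not succeed.
$account = null;

if (!mysql_select_db($database, $con)) {
    error_log('login: could not select database: ' . mysql_error($con));
} else {
    // The posted values are untrusted and are placed inside a quoted SQL
    // string, so they must be escaped for this connection first. Without this
    // a crafted username or password changes the meaning of the WHERE clause.
    // NOTE(review): ext/mysql has no prepared statements and was removed in
    // PHP 7.0; migrating to PDO or mysqli with bound parameters is the durable
    // fix. Escaping is only reliable when the connection character set is
    // configured with mysql_set_charset().
    $safeUsername = mysql_real_escape_string($postedUsername, $con);
    $safePassword = mysql_real_escape_string($postedPassword, $con);

    // NOTE(review): the submitted password is compared directly with the
    // stored column, so passwords appear to be stored unhashed. Store
    // password_hash() output and check it with password_verify() after
    // fetching the row by username.
    // Only the columns used below are selected, so the stored password is
    // never pulled into PHP.
    $result = mysql_query(
        "SELECT userID, username, permission FROM users WHERE username = '$safeUsername' AND password = '$safePassword'",
        $con
    );

    if ($result === false) {
        error_log('login: query failed: ' . mysql_error($con));
    } elseif (mysql_num_rows($result) == 1) {
        // Exactly one matching row is required; zero or several is a failure.
        $account = mysql_fetch_array($result);
    }
}

mysql_close($con);

// NOTE(review): there is no attempt throttling or lockout here, and the
// failure redirect below uses an http:// URL. Confirm the admin area is served
// over HTTPS and that the session cookie is flagged Secure and HttpOnly.
if ($account) {
    // Issue a fresh session id at the privilege change so an id planted in
    // the browser before login cannot be reused afterwards (session fixation).
    session_regenerate_id(true);

    $_SESSION["failedMessage"] = "";
    $_SESSION['userID'] = (string) $account['userID'];
    $_SESSION['userName'] = (string) $account['username'];
    $_SESSION['permission'] = $account['permission'];
    setcookie("failedMessage", "", time() + 30);
    header('Location: myAccount.php');
    // Stop here so nothing else runs or is emitted after the redirect.
    exit;
}

$_SESSION['permission'] = 0;
// NOTE(review): cookie values are client-controlled; whichever page displays
// failedMessage should HTML-escape it before output (confirm in index.php).
setcookie("failedMessage", "Sorry your Username or Password has not been recognised, please try again...", time() + 30);
header('Location: http://www.24-7saddles.com/adminFiles/index.php');
exit;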
?>